Skip to main content

The new year is expected to be a very important one from the perspective of personal data, as apart from the constant challenges posed by technological developments, the constant need for businesses to adapt to the new conditions caused by the pandemic of the COVID -19 coronavirus remains at the forefront. The following list of challenges for 2022 is not exhaustive but is a forecast of the author based on the current situation at the time of writing.

  1. The declaration of the EU-US Privacy Shield as invalid and the need to comply with legal requirements for international data transfers to the US: the Court of Justice of the European Union, in its consideration of Case C-311/18 “Data Protection Commissioner of Ireland v. Facebook & Max Schrems”, declared in 2020 the Commission’s Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield as invalid. This means in practice that business partnerships that involved and still involve cross-border data transfers to the US, which includes data access, ceased to be free and must be subject to appropriate safeguards which include, inter alia, signing the appropriate contractual texts, carrying out a prior check on the level of data protection in the third country and taking additional necessary measures if deemed appropriate. Business compliance with all of the above still requires increased vigilance of the relevant business departments to take the necessary actions to ensure that business activities are not disrupted.
  2. The continuing need for businesses to adapt to the exceptional circumstances caused by the coronavirus pandemic: This need is manifested, inter alia, in the field of remote work organization by taking appropriate organizational, technical and legal measures. With regard to legal compliance in particular, businesses should ensure, inter alia, that the relevant documents are updated to incorporate the legal requirements in the light of teleworking as it is being developed in the context of the pandemic.
  3. The protection of personal data is expected to continue to have an increasingly strong impact on the shaping of business strategy: businesses should filter any business decision related to the processing of personal data of data subjects (regardless of their status as employees, customers or suppliers) in the light of the protective provisions of the applicable legislation. In practice, this implies and requires the information and constant vigilance of all relevant departments of the company so that business decisions are implemented in a manner that complies with the applicable legislation and the instructions and guidelines of the Data Protection Authority, always with the guidance and appropriate legal assistance.

The above indicative list demonstrates once again the necessity of the need for commercial activity to go hand in hand with experienced and sensitive legal assistance, in order for the latter not to create obstacles to the implementation of business objectives, but on the contrary to act as a supporter and helper in their smooth and legally secure realization.

Author